Firewall Services

Firewall Management - NSX

Description:

Manage Firewall Rules, Services and Security Groups in VMware’s NSX from ServiceNow.

Business Challenge:

Managing multiple NSX instances and ensuring that Firewall Rules are consistently applied in all relevant areas of the infrastructure requires manual intervention and is often prone to human error. If a firewall rule is applied in production but forgotten or incorrectly applied in DR, the effort to locate this error and get it fixed can inadvertently consume support resources. In addition, the NSX web portal is designed for an administrator with advanced skills and knowledge of firewall and security group management.

Solution Details:

Centralized Management of Firewall or Security Group

Allows a user to request a firewall rule or security group from ServiceNow; the request is then created, modified, or deleted across multiple NSX instances. The user can group Virtual Machines in security groups to facilitate assignment of rules for specific applications or nodes. Rules can allow or block communication to specific ports or services. The user can also create custom services in NSX instance(s).

User Friendly Interface

A user-friendly interface reduces the need to have a security administrator involved. The security administrator and manager receive an approval request, and once it is approved the firewall or security group request is completed.

Datacenter Consistency

The centralized request allows the user to identify the NSX instances to which the request for a firewall rule or security group must be applied. When approved, the request is processed automatically on all the NSX instances requested. For example, if a user needs port 443 opened on both the production and DR sites, one request will automatically create the Firewall Rules in both locations.

Native ITSM Integration
  • Service Request (SR): A new request automatically creates an SR in ServiceNow. Approval routings will occur based on the business rules established in ServiceNow. Once an SR is approved, ServiceNow will automatically inform Firewall and the requested service will be completed.
  • Change Request (CR): A reconfiguration automatically creates a CR in ServiceNow. Approval routings will occur based on the business rules established in ServiceNow. Once a CR is approved ServiceNow will automatically inform NSX and the requested service will be completed.
  • Incident: Any failure in NSX will automatically create an incident in ServiceNow. The product will automatically parse the server logs in NSX and attach the latest log entries to the incident, enabling the incident owner to assess the situation more rapidly and take the appropriate troubleshooting actions.
  • Change Management Database (CMDB): The Auto Discovery capability constantly identifies changes and automatically records those changes with necessary time/date stamps in the ServiceNow CMDB.

Key Features

  • Create, Modify and Delete Firewall Rules in one or more NSX instances from ServiceNow through a simple, easy-to-understand UI.
  • Allow or block communication to specific ports or Services.
  • Create custom Services.
  • Firewall Rules to facilitate assignment of Firewall Rules to specific applications or nodes.
  • Create, Modify and Delete Security Groups from ServiceNow.

System Requirements

  • MID Server: Version 2015-09-03-1003 and up
  • OS: Windows/Linux
  • Hardware: 8 CPUs, 8 GiB Memory, 20 GiB total on the primary disk
  • vSphere: Version 6.0.0 Build 2559277 and up
  • NSX: Version 6.1.3.2591148 and up

Pre-Requisites

  • vSphere: Version 6.0.0 Build 2559277 and up
  • NSX: Version 6.1.3.2591148 and up

Featured Demos

cFactory Suite - Firewall Management | Cloud Admin

Description: Firewall management displays Firewall Rules across all back end instances through a single ServiceNow interface. The user interface in ServiceNow is the same regardless of the back end firewall solution.

Client problem solved: Allow the user to see Firewall Rules across multiple NSX Instances.


cFactory Suite - Security Groups | Cloud Admin

Description: Firewall management allows the user to create and delete Security Groups through an easy ServiceNow interface that is the same regardless of the back end firewall solution. Security Groups are used to group objects such as VMs and IP addresses together and can be used in the source and destination fields of Firewall Rules.

Client problem solved: Allow the user to create security groups, which are groups of IP addresses or VMs that can be used as traffic endpoints when creating Firewall Rules and security policies.


cFactory Suite - Firewall Rules | Cloud Admin

Description: Firewall management allows the user to create and delete Firewall Rules through an easy ServiceNow interface that is the same regardless of the back end firewall solution.

Client problem solved: Allow the user to create and delete Firewall Rules across multiple NSX instances through a single ServiceNow interface.